SecurityTracker.com

Category:   Application (Firewall)  >   KerioControl (WinRoute Firewall)
Vendors:   Kerio Technologies
Kerio WinRoute Firewall Administration Interface Flaw Lets Remote Users Create Denial of Service Conditions
SecurityTracker Alert ID:  1006426
SecurityTracker URL:  http://securitytracker.com/id/1006426
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 31 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 5.0.1
Description:   A denial of service vulnerability was reported in Kerio WinRoute Firewall. A remote user can cause CPU utilization to rise and connection requests to be dropped.

Positive Technologies reported that a remote user can send a single HTTP request to the firewall's web-based administration port (tcp 4080) to cause CPU utilization to reach 100%. According to the report, about half of the subsequent connection requests will be dropped.

A demonstration exploit request (without the expected 'Host: server' line shown in the source message) is provided:

GET / HTTP/1.0
Authorization: Basic XXX

Impact:   A remote user can cause the target host's processor utilization to reach 100% and connections to the target to be dropped.
Solution:   The vendor has released a fixed version (5.0.2).

The author of the report indicates that you can also block remote access to TCP port 4080 on the firewalled host.

Vendor URL:  www.kerio.com/us/kwf_home.html
Cause:   Resource error, State error
Underlying OS:  Windows (Any)

Message History:   None.
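
A detection heuristic for the request shape described above, as an added example that is not part of the SecurityTracker entry or the Positive Technologies advisory: it flags captured requests to TCP/4080 that carry an Authorization header but no Host header. The function names, the (port, raw bytes) capture format and the sample data are assumptions constructed for illustration.

```python
from typing import NamedTuple

ADMIN_PORT = 4080  # WinRoute web administration port, as stated in the advisory


class Finding(NamedTuple):
    index: int
    request_line: str
    reason: str


def parse_request(raw: bytes):
    """Return (request_line, {lowercased header name: value}) for one request head."""
    # Accept both CRLF and bare-LF line endings; ignore any body.
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = head.decode("latin-1").replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines instead of failing
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def find_hostless_auth_requests(captures):
    """captures: iterable of (dst_port, raw_request_bytes) pairs (assumed format)."""
    findings = []
    for i, (port, raw) in enumerate(captures):
        if port != ADMIN_PORT:
            continue
        request_line, headers = parse_request(raw)
        if "authorization" in headers and "host" not in headers:
            findings.append(
                Finding(i, request_line, "Authorization without Host on TCP/4080"))
    return findings


# Constructed sample captures (not real traffic).
SAMPLE = [
    (4080, b"GET / HTTP/1.0\r\nHost: server\r\nAuthorization: Basic XXX\r\n\r\n"),
    (4080, b"GET / HTTP/1.0\r\nAuthorization: Basic XXX\r\n\r\n"),
    (80, b"GET / HTTP/1.0\r\nAuthorization: Basic XXX\r\n\r\n"),
    (4080, b"GET / HTTP/1.0\nauthorization: Basic XXX\n\n"),
    (4080, b"GET /index.html HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in find_hostless_auth_requests(SAMPLE):
        print(finding)
```

Header names are matched case-insensitively, and traffic to other ports is ignored, so only the second and fourth sample requests are reported.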


 Source Message Contents

Subject:  Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall


               Positive Technologies Security Advisory
                     http://www.ptsecurity.com


        Title: DoS-attack in Kerio WinRoute Firewall
         Date: March, 07 2003
     Severity: High
  Application: Kerio WinRoute Firewall 5.0.1
     Platform: Windows 95/98/ME/NT/2000/XP
Vendor Status: Notified, patched in version 5.0.2

 

I. DESCRIPTION 

---------------

A Denial of Service condition exists in Kerio WinRoute Firewall's Web
administration interface which hangs the service with 100% CPU utilization.


Positive Technologies reports that a single simple HTTP request to the Kerio
WinRoute Firewall Web administration interface (TCP/4080)


GET / HTTP/1.0
Authorization: Basic XXX

 
instead of the correct one:


GET / HTTP/1.0
Host: server
Authorization: Basic XXX


causes 100% CPU utilization of the attacked computer.


II. IMPACT

---------------

A remote user can launch a denial of service attack against the web interface
(port TCP/4080). A single request causes 100% CPU utilization. As a result,
more than 50% of future connection requests may be lost, disturbing
normal functionality of the networking services.


III. SOLUTION 

---------------

Block TCP/4080 access or upgrade to Kerio WinRoute Firewall 5.0.2.


IV. VENDOR FIX/RESPONSE

---------------

Vendor was notified on 10.03.2003.


V. CREDIT

---------------

Positive Technologies is an information security company especially focused on
protection of corporate networks from external attacks. The main trend of
wide range of services in the field of information security: from network
architecture development or optimization to consulting and custom software
source-code examination.


 
 

